Photo - LE Global Services (LGMS) Executive Director and Senior IT Security Consultant, Fong Choong Fook.
The majority of hackers are attracted by discovered vulnerabilities in an organisation's networks rather than the value of any data assets held, according to a Malaysia-based ethical hacker who acts as a security consultant to the financial services sector in Malaysia.
LE Global Services (LGMS) executive director and senior IT security consultant Fong Choong Fook told Computerworld Malaysia in an exclusive interview that in his experience targeted cyber threats were now spreading out from financial services to many other sectors.
Companies are potential targets irrespective of the industry they are in, said Fong. "Many companies feel secure in not being in 'lucrative' fields such as finance or banking, and they feel content to put in place basic ground-level defences and hope to get by. That alone is not enough."
Citing a Gartner report, Fong said that 75 percent of attacks today occur at the application level. "Despite the common use of defences such as web application firewalls and intrusion prevention and detection systems, hackers still pose a serious liability and are not often stopped or detected."
"Take for example the healthcare industry, one of the most rapidly developing sectors within Malaysia," said Fong. "According to Trend Micro, the problem of cyber security vulnerabilities within the healthcare sector is pervasive, impacting health care providers of all sizes and types. During 2015 alone more than 120 million health care records were breached globally, a number that is going nowhere but up."
"Cybersecurity is one of the fields that most businesses have a love-hate relationship with," he continued. "Businesses know that to prevent cyber-intrusion is very necessary, but it is an almost insurmountable task if they were to try and cope with it themselves."
"It is the ones who do not lie awake at night worrying that are truly in danger," said Fong, adding that LGMS was established in Malaysia in 2005 to help companies cope with information security issues.
"From a business owner standpoint, those who are aware of the threats could very well lie awake many nights, thinking that at any moment, someone could be probing, poking, and prodding relentlessly at the cyber defences protecting their business," he said.
"Despite common belief, cybersecurity is not a one-off thing that you can implement and then forget about, thinking your business is secure," Fong added.
"Cybersecurity is an ongoing process of exercising due care and due diligence to protect information and information systems," he said.
"This [process] can be from unauthorised access, use, disclosure, destruction, modification, or disruption. The ongoing process of cybersecurity involves training, assessment, protection, monitoring and detection, incident response and repair, documentation, and review at many levels," Fong said.
He said that in his experience with LGMS, securing organisations needed the knowledge, expertise and dedication to carry out the implementation of security measures at multiple levels, such as penetration testing, security assessment and application security assessment, among other procedures.
"Since inception, LGMS has maintained a laser-focus on delivering services that assess client security requirements, reduce risk and provide operational efficiency," said Fong.
"LGMS is the only information security services company that integrates the best practices of ISO quality management systems into their entire portfolio of services, resulting in measurable performance increases for customers," he said, adding that the company's core clients are from the banking and financial services industry.
Looking ahead, Fong said that with the "computing world progressively embracing the Internet of Things (IoT), cybersecurity will become more critical than ever with more devices being connected online every day."